Hi guys in my machine when I query `process_namesp...
# generaln
nebi
02/20/2019, 9:12 PMHi guys in my machine when I query
process_namespacesselect * from process_namespacespid_namespacespid1u
8p8c
02/20/2019, 9:36 PM Copy code
osquery> select version from osquery_info ;
version = 3.3.2
osquery> select * from process_namespaces limit 1 ;
pid = 1
cgroup_namespace = 4026531835
ipc_namespace = 4026531839
mnt_namespace = 4026531840
net_namespace = 4026531957
pid_namespace = 4026531836
user_namespace = 4026531837
uts_namespace = 40265318388p8c
02/20/2019, 9:38 PMworks for me. without more specifics from you i couldn't tell what's wrong with your install.
n
nebi
02/20/2019, 9:45 PMis this ubuntu machine?
u
8p8c
02/20/2019, 9:45 PMyes
n
nebi
02/20/2019, 9:45 PMMy version is 3.3.2 and my machine is ubuntu 18.04
u
8p8c
02/20/2019, 9:46 PMmy output above is from 16.04
n
nebi
02/20/2019, 9:46 PMhmm
nebi
02/20/2019, 9:46 PMyou think that's the problem?
u
8p8c
02/20/2019, 9:47 PMi haven't tried but i doubt. getting namespaces shouldn't have changed so dramatically between the kernels
8p8c
02/20/2019, 9:50 PMbut feel welcome to prove me wrong.
8p8c
02/20/2019, 9:51 PMmore information on the details how you're getting your results would also be useful.
n
nebi
02/20/2019, 9:56 PM@8p8c can you be more specific
nebi
02/20/2019, 9:56 PMim just running
osqueryiu
8p8c
02/20/2019, 9:57 PMhow?
n
nebi
02/20/2019, 9:57 PMthen this command
select * from process_namespacesu
8p8c
02/20/2019, 9:59 PMk.
so, tried it with sudo also?
n
nebi
02/20/2019, 10:00 PMyou mean when I type
osqueryiu
8p8c
02/20/2019, 10:03 PMYes. How else are you going to get data out accessible only to root?
n
nebi
02/20/2019, 10:06 PMomg, it worked now!
nebi
02/20/2019, 10:06 PMthanks man
nebi
02/20/2019, 10:06 PMsorry, I'm just beginner
u
8p8c
02/20/2019, 10:08 PMNp. Don’t forget to close the issue in github.
n
nebi
02/20/2019, 10:13 PMdone
nebi
02/20/2019, 10:13 PMthanks
5 Views